Barracuda Networks Tech Alert

0 comments

Posted on 23rd July 2008 by admin in Barracuda Networks |Spam Firewall

, , , , , , ,

This just in from Barracuda Networks regarding the latest firmware upgrade for their Spam Firewall …

+-+-+-+

Technical Alert No. 20080722
Description: Configuration changes to all Barracuda Spam Firewalls upon upgrade to Firmware Release 3.5.12
Revision: A1.0
Affected Barracuda Networks Products: Barracuda Spam Firewall Release 3.5.12

Details: On July 14, 2008, Barracuda Networks released Barracuda Spam Firewall Release 3.5.12.001 into beta release. Upon upgrading to firmware release 3.5.12, three one-time configuration changes will be made to your Barracuda Spam Firewall:

  1. Disabling of bounce messages. On the Basic -> Spam Scoring page, in the Spam Bounce (NDR) Configuration section, the Send Bounce field will be set to No. Because of the growing number of spam emails spoofing addresses of good email senders, this change is being made to avoid sending bounce messages to innocent parties.
  2. Removal of Spamhaus external block lists previously listed as “Common External Blacklists.” On the Block/Accept -> IP Reputation page, the following Spamhaus external block lists will be removed from the Custom External RBLs list: sbl.spamhaus.org, xbl.spamhaus.org and sbl-xbl.spamhaus.org.The Barracuda Spam Firewall used to enable Spamhaus external block lists by default when usage of those lists was free to all Internet users. Now that Spamhaus is seeking license fees from some Internet users, this change is being made to remove the previous default settings and to ensure that Barracuda Spam Firewall customers do not experience problems or unexpected service interruptions.
  3. Replacement of removed Spamhaus external block lists with Barracuda Reputation. If any Spamhaus external block lists were removed by the previous action and the Barracuda IP Reputation field was set to Off, the Barracuda IP Reputation will be set to the most restrictive action of all of the removed Spamhaus external block lists.For example, if sbl.spamhaus.org was set to Block and Barracuda IP Reputation was set to Off, the upgrade would remove sbl.spamhaus.org from the Custom External RBLs list and set Barracuda IP Reputation to Block.The purpose of this change is to maintain or improve performance of the Barracuda Spam Firewall. Barracuda Networks strongly recommends blocking based on Barracuda IP Reputation, and this blocking is particularly important when external block lists such as Spamhaus are not in use.

These changes will be made only once. If you want to re-enable bounce messages and reinsert the affected Spamhaus external block lists, you may do so manually after the upgrade.

Barracuda Networks recommends that you create a new backup of your configuration after upgrading to firmware release 3.5.12.

Risk Rating: None

For More Tech Alerts: www.BarracudaNetworks.com/ns/support/tech_alert.php

For more information on Barracuda Spam Firewall’s please go to: http://www.BarracudaNetworks.ca

Popularity: 20% [?]

Post to Twitter

Ipswitch Announces Two New Email Archival Solutions For Their IMail Server

0 comments

Posted on 18th July 2008 by admin in Ipswitch IMail Server

, , , , , , ,

With the release of two new archiving solutions, Ipswitch recognizes that archiving your emails is just plain smart.

How essential is email archiving?

Companies’ dependency on email has been a driving force behind the growth experienced in email archiving over the past few years. Messaging archival systems are ideally suited to preserving correspondence in support of all regulatory compliance and storage maintenance requirements. Your organization needs to be aware of what is required to comply with corporate regulations and legal requirements.

From a legal perspective, email data is subject to numerous regulations for protecting data which require rapid retrieval and longer retention periods. Practical considerations you should consider for archiving address a number of operational concerns such as escalating capacity on email servers.

What makes sense for you?

Before selecting an email archive system, it’s important to understand the distinct differences between the IMail Server archival solutions. Your email archiving system must first consider the best archiving approach to achieve your organization’s goals.

We have two archival solutions that use distinct methods to deploy messaging archiving : MailArchiva and Sonian Hosted Archival Systems.

MailArchiva Enterprise Edition is an installed email archiving system for companies of all sizes. It works in conjunction with IMail Server Version 10.01 to archive all incoming, outgoing and internal emails. In many jurisdictions around the world, the law requires that company emails are kept for up to seven years. MailArchiva is designed to help you comply with legislation such as the Sarbanes Oxley act (SOX), Gramm-Leach Bliley act (GLBA) and the Freedom of information act (FOIA).

Sonian provides an affordable, scalable, reliable and secure hosted email archiving service for organizations of all sizes. The Sonian Archive system is designed to accommodate both compliance archiving as well as storage resource management. You can archive everything for all users, or allow users to archive just the data they want to keep.

Bottom line, the focus is on no longer keeping emails on backups. Your organization needs a method to manage business records and to address future discovery burdens in a cost effective and timely manner. IMail Server Archiving Solutions alleviate the burden of managing growth in email and instant messaging by optimizing storage and leveraging cost effective storage solutions.

IMail Archiving Solutions are available today for you to purchase. Please contact one of our helpful account managers at 1-877-386-3763 if you have any questions or would like to purchase MailArchiva or Sonian Hosted Archival Systems.

You can also visit our website www.Ipswitch.ca/imail/mailarchiva.aspx for additional details as well.

Popularity: 5% [?]

Post to Twitter

Major BIND DNS Vulnerability does NOT affect the XRoads Networks EdgeXOS platform

0 comments

Posted on 10th July 2008 by admin in XRoads Networks

, , ,

XRoads Networks confirmed today that it is not effected by the recent security vulnerability (find details here) found in most [tag]BIND DNS server[/tag] implementations.

The EdgeXOS platform does not use BIND, unlike some of our competitors, and thus this vulnerability on its face does not directly impact our ActiveDNS solution.

However because of the severe nature of the issue, our engineering team also confirmed that our own ActiveDNS implementation does not suffer from the problems found in the BIND implementation.

A spoke person at [tag]XRoads Networks[/tag] commented that “Our customers should feel confident that their DNS services, based on our ActiveDNS technology, is secure and not subject to this major BIND vulnerability. For customers looking to find a non-BIND solution for their inbound WAN load balancing requirements, we encourage them to take a look at our product offerings.”

For more information about XRoads Networks Unified Bandwidth Management solutions please go to: www.loadbalancersolutions.com/xroads-networks.aspx

Popularity: 5% [?]

Post to Twitter

Check The Database That Your Network Monitoring Tools Are Storing Their Data In

0 comments

Posted on 10th July 2008 by admin in CastleRock

, , , ,

Ipswitch’s WhatsUp Gold 12

  • Includes Microsoft SQL Server 2005 Express Edition (SSEE) [tag]WhatsUp Gold[/tag] 12 – includes Microsoft [tag]SQL Server 2000 Desktop Edition (WMSDE)

[tag]CastleRock’s SNMPc[/tag] Online

  • Includes Microsoft SQL Server 2000 Desktop Edition (WMSDE)

********************************************************************
[tag]Microsoft Security Bulletin[/tag] Summary for July 2008
Issued: July 8, 2008
********************************************************************

This bulletin summary lists security bulletins released for July 2008.

The full version of the Microsoft Security Bulletin Summary for July 2008 can be found at:

www.microsoft.com/technet/security/bulletin/ms08-jul.mspx

Important Security Bulletins
============================

Microsoft Security Bulletin MS08-040

- Affected Software:
- Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
Microsoft Windows 2000 Service Pack 4
- Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Windows Internal Database (WYukon) Service Pack 2 on
Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
Windows Server 2003 x64 Edition and
Windows Server 2003 x64 Edition Service Pack 2
- Windows Internal Database (WYukon) x64 Edition Service Pack 2
on Windows Server 2003 x64 Edition and
Windows Server 2003 x64 Edition Service Pack 2
- Windows Internal Database (WYukon) Service Pack 2
on Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation affected)
- Windows Internal Database (WYukon) x64 Edition Service Pack 2
on Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation affected)
- GDR update for SQL Server 7.0 Service Pack 4
- QFE update for SQL Server 7.0 Service Pack 4
- GDR update for SQL Server 2000 Service Pack 4
- QFE update for SQL Server 2000 Service Pack 4
- GDR update for SQL Server 2000
Itanium-based Edition Service Pack 4
- QFE update for SQL Server 2000
Itanium-based Edition Service Pack 4
- GDR update for SQL Server 2005 Service Pack 2
- QFE update for SQL Server 2005 Service Pack 2
- GDR update for SQL Server 2005 x64 Edition Service Pack 2
- QFE update for SQL Server 2005 x64 Edition Service Pack 2
- GDR update for SQL Server 2005 with SP2 for
Itanium-based Systems
- QFE update for SQL Server 2005 with SP2 for
Itanium-based Systems
- GDR update for Microsoft Data Engine (MSDE) 1.0 Service Pack 4
- QFE update for Microsoft Data Engine (MSDE) 1.0 Service Pack 4
- GDR update for Microsoft SQL Server 2000
Desktop Engine (MSDE 2000) Service Pack 4
- QFE update for Microsoft SQL Server 2000
Desktop Engine (MSDE 2000) Service Pack 4
- GDR update for Microsoft SQL Server 2005
Express Edition Service Pack 2
- QFE update for Microsoft SQL Server 2005
Express Edition Service Pack 2
- GDR update for Microsoft SQL Server 2005
Express Edition with Advanced Services Service Pack 2
- QFE update for Microsoft SQL Server 2005
Express Edition with Advanced Services Service Pack 2

- Impact: Elevation of Privilege
- Version Number: 1.0

Microsoft Security Bulletin MS08-038

- Affected Software:
- Windows Vista and
Windows Vista Service Pack 1
- Windows Vista x64 Edition and
Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

Microsoft Security Bulletin MS08-037

- Affected Software:
- DNS client update for Microsoft Windows 2000 Service Pack 4
- DNS Server update for Microsoft Windows 2000 Server Service
Pack 4
- DNS client update for Windows XP Service Pack 2 and
Windows XP Service Pack 3
- DNS client update for Windows XP Professional x64 Edition and
Windows XP Professional x64 Edition Service Pack 2
- DNS client update for Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- DNS server update for Windows Server 2003 Service Pack 1 and
Windows Server 2003 Service Pack 2
- DNS client update for Windows Server 2003 x64 Edition and
Windows Server 2003 x64 Edition Service Pack 2
- DNS server update for Windows Server 2003 x64 Edition and
Windows Server 2003 x64 Edition Service Pack 2
- DNS client update for Windows Server 2003 with SP1 for
Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium-based Systems
- DNS server update for Windows Server 2003 with SP1 for
Itanium-based Systems and
Windows Server 2003 with SP2 for Itanium-based Systems
- DNS server update for Windows Server 2008 for 32-bit Systems
(Windows Server 2008 Server Core installation affected)
- DNS server update for Windows Server 2008 for x64-based
Systems (Windows Server 2008 Server Core installation affected)

- Impact: Spoofing
- Version Number: 1.0

Microsoft Security Bulletin MS08-039

- Affected Software:
- Microsoft Exchange Server 2003 Service Pack 2
- Microsoft Exchange Server 2007
- Microsoft Exchange Server 2007 Service Pack 1

- Impact: Elevation of Privilege
- Version Number: 1.0

Other Information
=================

Microsoft Windows Malicious Software Removal Tool:
==================================================
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:
========================================================
Please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
Article 894199, Description of Software Update Services and
Windows Server Update Services changes in content for 2008.
Includes all Windows content.

* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New,
Revised, and Released Updates for Microsoft Products Other Than
Microsoft Windows

Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. Microsoft does not distribute security updates via e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

Popularity: 4% [?]

Post to Twitter